
AWS Sagemaker Security Patterns - Part 3

We are going to look at some security architecture best practices for AWS Sagemaker. By default, AWS Sagemaker is a managed service, and everything is managed by AWS, not the customer.


In this part, we'll talk about artifact management and availability patterns.

Image courtesy- AWS


Artifact management patterns:
 

1. The DS should not be able to download packages from the Internet, only from private repos.

2. All model artifacts should be versioned and archived by enabling S3 versioning

3. Use version control systems and repository management for all artifacts


Auditability patterns:



1. All Sagemaker API calls are logged in AWS CloudTrail.

2. CloudTrail S3 data events should be enabled for auditing S3 data and model artifacts.

3. Any time a user launches a notebook, tag that infrastructure for tracking purposes.
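
One way to check the S3 versioning item from the artifact management list and the data-event and tagging items from the auditability list is to evaluate the responses of `get_bucket_versioning`, `get_event_selectors` and `list_tags` offline. This is an added example, not code from the original post; the required tag keys, bucket name, notebook name and sample responses are constructed assumptions, and only basic CloudTrail event selectors are handled.

```python
# Added example: offline checks over dicts shaped like boto3 responses.
REQUIRED_TAGS = {"owner", "project"}  # assumption: tag keys your organisation requires


def versioning_enabled(resp):
    # s3.get_bucket_versioning() omits "Status" if versioning was never turned on
    return resp.get("Status") == "Enabled"


def data_events_cover(resp, bucket):
    # cloudtrail.get_event_selectors(); only basic selectors are handled here
    wanted = {"arn:aws:s3", "arn:aws:s3:::", f"arn:aws:s3:::{bucket}/"}
    for sel in resp.get("EventSelectors", []):
        if sel.get("ReadWriteType") != "All":
            continue  # ReadOnly or WriteOnly leaves part of the access trail unlogged
        for res in sel.get("DataResources", []):
            if res.get("Type") == "AWS::S3::Object" and wanted & set(res.get("Values", [])):
                return True
    return False


def missing_tags(resp):
    # sagemaker.list_tags() returns {"Tags": [{"Key": ..., "Value": ...}]}
    present = {t["Key"].lower() for t in resp.get("Tags", []) if t.get("Value")}
    return sorted(REQUIRED_TAGS - present)


def audit(bucket, versioning, selectors, notebook_tags):
    findings = []
    if not versioning_enabled(versioning):
        findings.append(f"{bucket}: S3 versioning is not enabled")
    if not data_events_cover(selectors, bucket):
        findings.append(f"{bucket}: no CloudTrail S3 data events for read and write")
    for name, tags in sorted(notebook_tags.items()):
        for key in missing_tags(tags):
            findings.append(f"notebook {name}: missing tag '{key}'")
    return findings


# Constructed sample responses (not taken from a real account)
SAMPLE = dict(
    bucket="ml-artifacts-example",
    versioning={"Status": "Suspended"},
    selectors={"EventSelectors": [{"ReadWriteType": "WriteOnly", "DataResources": [
        {"Type": "AWS::S3::Object", "Values": ["arn:aws:s3:::ml-artifacts-example/"]}]}]},
    notebook_tags={"nb-churn": {"Tags": [{"Key": "Owner", "Value": "alice"}]}},
)

if __name__ == "__main__":
    print("\n".join(audit(**SAMPLE)))
```

In a live account the three dictionaries would come from the corresponding boto3 calls; a suspended versioning status or a write-only selector is reported as a finding because each leaves part of the artifact history or access trail unrecorded.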





Sample deployment: